From 71a8dac3894fd0b405dedd09a4fdeaea79ff3a9a Mon Sep 17 00:00:00 2001 From: rnsrk Date: Mon, 30 Mar 2026 11:10:11 +0200 Subject: [PATCH] better postinstall apps --- nextcloud/docker-compose.yml | 35 ++- .../install-nextcloud-office.sh | 35 +++ nextcloud/nextcloud-maintenance.sh | 226 ++++++++++++++++++ nextcloud/reverse-proxy/nginx.conf | 10 +- 4 files changed, 302 insertions(+), 4 deletions(-) create mode 100755 nextcloud/hooks/post-installation/install-nextcloud-office.sh create mode 100755 nextcloud/nextcloud-maintenance.sh diff --git a/nextcloud/docker-compose.yml b/nextcloud/docker-compose.yml index 921fccd..af7acf5 100644 --- a/nextcloud/docker-compose.yml +++ b/nextcloud/docker-compose.yml @@ -1,7 +1,7 @@ # Nextcloud-Stack services: nextcloud: - image: nextcloud:31.0-fpm + image: nextcloud:32-fpm container_name: nextcloud depends_on: - nextcloud-redis @@ -10,6 +10,7 @@ services: - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER:-admin} - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD:-admin} - NEXTCLOUD_DEFAULT_PHONE_REGION=DE + - NEXTCLOUD_DEFAULT_LANGUAGE=${NEXTCLOUD_DEFAULT_LANGUAGE:-de} - ONLYOFFICE_JWT_SECRET=${ONLYOFFICE_JWT_SECRET} - POSTGRES_DB=${NEXTCLOUD_DB_NAME} - POSTGRES_HOST=${NEXTCLOUD_DB_HOST} @@ -18,6 +19,8 @@ services: - OVERWRITEPROTOCOL=https - OVERWRITEHOST=${NEXTCLOUD_DOMAIN} - REDIS_HOST=nextcloud-redis + - TRUSTED_PROXIES=172.22.0.0/16 172.19.0.0/16 + - COLLABORA_DOMAIN=${COLLABORA_DOMAIN} labels: - "traefik.enable=false" volumes: 
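Review bot: `TRUSTED_PROXIES=172.22.0.0/16 172.19.0.0/16` in the third hunk hard-codes two Docker bridge ranges that nothing visible in this compose file pins, so after a network is recreated they may no longer match the proxy, or may cover unrelated containers. Every address inside a trusted range can set the client IP Nextcloud records via `X-Forwarded-For`, which feeds brute-force throttling and audit logs. Consider fixing the subnet of the proxy-facing network with an `ipam` block and trusting only that range, or reading the value from `.env` like the neighbouring settings, e.g. `- TRUSTED_PROXIES=${NEXTCLOUD_TRUSTED_PROXIES}` (variable name is a suggestion). The `environment:` list starts outside this hunk.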
@@ -61,6 +64,36 @@ services: - nextcloud restart: unless-stopped + collabora: + image: collabora/code:latest + container_name: nextcloud-collabora + environment: + - domain=${NEXTCLOUD_DOMAIN} + - aliasgroup1=https://${NEXTCLOUD_DOMAIN}:443 + - username=${COLLABORA_USERNAME} + - password=${COLLABORA_PASSWORD} + - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:welcome.enable=false --o:logging.level=warning + - dictionaries=de_DE en_GB en_US + labels: + - "traefik.enable=true" + - "traefik.docker.network=traefik" + - "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN}`)" + - "traefik.http.routers.collabora.entrypoints=web,websecure" + - "traefik.http.routers.collabora.middlewares=https-redirect" + - "traefik.http.routers.collabora.tls=true" + - "traefik.http.routers.collabora.tls.certresolver=le" + - "traefik.http.services.collabora.loadbalancer.server.port=9980" + - "traefik.http.services.collabora.loadbalancer.server.scheme=http" + networks: + - nextcloud + - traefik + restart: unless-stopped + cap_add: + - MKNOD + - SYS_ADMIN + security_opt: + - apparmor:unconfined + volumes: nextcloud-data: name: nextcloud-data diff --git a/nextcloud/hooks/post-installation/install-nextcloud-office.sh b/nextcloud/hooks/post-installation/install-nextcloud-office.sh new file mode 100755 index 0000000..b6d3d8a --- /dev/null +++ b/nextcloud/hooks/post-installation/install-nextcloud-office.sh 
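Review bot: The new `collabora` service is routed through Traefik while running with `cap_add: SYS_ADMIN` and `security_opt: apparmor:unconfined`, which strips most of the container's isolation from a process that parses user-supplied documents. Confirm against the Collabora documentation for the version in use whether both are still required (`MKNOD` alone may be enough), and add a comment next to each saying why it is there. `image: collabora/code:latest` is unpinned, so a redeploy can pull a build other than the one tested; pin a tag or digest, e.g. `image: collabora/code:<PINNED_VERSION>`. The admin-console `username`/`password` have no default, so an unset `.env` entry becomes an empty string; `password=${COLLABORA_PASSWORD:?COLLABORA_PASSWORD must be set}` makes compose fail fast instead.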
@@ -0,0 +1,35 @@
+#!/bin/bash
+set -e
+
+echo "Installing Nextcloud Office (richdocuments) app..."
+php /var/www/html/occ app:install richdocuments
+echo "Nextcloud Office installed successfully!"
+
+echo "Enabling Nextcloud Office..."
+php /var/www/html/occ app:enable richdocuments
+echo "Nextcloud Office enabled successfully!"
+
+echo "Configuring Nextcloud Office with Collabora Online..."
+
+# Set the WOPI URL (Collabora server URL)
+if [ -n "${COLLABORA_DOMAIN}" ]; then
+ echo "Setting WOPI URL to https://${COLLABORA_DOMAIN}"
+ php /var/www/html/occ --no-warnings config:app:set richdocuments wopi_url --value="https://${COLLABORA_DOMAIN}"
+else
+ echo "Warning: COLLABORA_DOMAIN not set, skipping WOPI URL configuration"
+fi
+
+# Disable certificate verification (set to 'yes' only for development/self-signed certs)
+php /var/www/html/occ --no-warnings config:app:set richdocuments disable_certificate_verification --value="no"
+
+# Allow list for WOPI requests (optional, for additional security)
+if [ -n "${COLLABORA_DOMAIN}" ]; then
+ php /var/www/html/occ --no-warnings config:app:set richdocuments wopi_allowlist --value="${COLLABORA_DOMAIN}"
+fi
+
+# Enable the built-in CODE server option (if using built-in Collabora)
+# Uncomment if you want to use the built-in CODE server instead of external Collabora
+# php /var/www/html/occ --no-warnings config:app:set richdocuments use_built_in_code_server --value="yes"
+
+echo "Nextcloud Office configuration completed!"
+echo "Collabora Online should now be available at: https://${COLLABORA_DOMAIN}"
diff --git a/nextcloud/nextcloud-maintenance.sh b/nextcloud/nextcloud-maintenance.sh
new file mode 100755
index 0000000..8517bbc
--- /dev/null
+++ b/nextcloud/nextcloud-maintenance.sh
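Review bot: `wopi_allowlist` is set to `${COLLABORA_DOMAIN}`, but as far as I know richdocuments compares this setting with the requester's IP address or CIDR range, not a hostname, so a domain value would most likely reject every WOPI callback rather than restrict them to Collabora. Set it to the address or subnet the Collabora container actually calls from, e.g. `--value="${COLLABORA_WOPI_ALLOWLIST}"` (placeholder variable), and skip the call when that is unset. The comment above it could then read `# Restrict WOPI callbacks to the Collabora server's source IP/CIDR`. Separately, the last `echo` prints the Collabora URL even when `COLLABORA_DOMAIN` is empty, right after the script has warned that configuration was skipped.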
@@ -0,0 +1,226 @@
+#!/bin/bash
+
+# Nextcloud Maintenance Script.
+# This script performs maintenance tasks for Nextcloud.
+
+set -e
+
+# Colors for output.
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color.
+
+CONTAINER_NAME="nextcloud"
+
+# Function to print colored messages.
+printMessage() {
+ local color=$1
+ local message=$2
+ echo -e "${color}${message}${NC}"
+}
+
+# Function to run occ command.
+runOcc() {
+ docker exec -u www-data "$CONTAINER_NAME" php occ "$@"
+}
+
+# Load environment variables.
+loadEnv() {
+ if [ -f "./nextcloud/.env" ]; then
+ source ./nextcloud/.env
+ printMessage "$GREEN" "Loaded Nextcloud environment variables."
+ else
+ printMessage "$RED" "Nextcloud .env file not found!"
+ exit 1
+ fi
+
+ if [ -f "./core/.env" ]; then
+ source ./core/.env
+ printMessage "$GREEN" "Loaded core environment variables."
+ else
+ printMessage "$RED" "Core .env file not found!"
+ exit 1
+ fi
+}
+
+# Function to check if container is running.
+checkContainer() {
+ if ! docker ps | grep -q "$CONTAINER_NAME"; then
+ printMessage "$RED" "Error: Container $CONTAINER_NAME is not running!"
+ exit 1
+ fi
+}
+
+# Function to fix database collation version mismatch.
+fix_database_collation() {
+ printMessage "$YELLOW" "Checking and fixing database collation version..."
+
+ if docker exec postgres psql -U "${POSTGRES_USER}" -d "${NEXTCLOUD_DB_NAME}" -c "ALTER DATABASE ${NEXTCLOUD_DB_NAME} REFRESH COLLATION VERSION;" 2>&1 | grep -q "ALTER DATABASE"; then
+ printMessage "$GREEN" "Database collation version updated successfully."
+ return 0
+ else
+ printMessage "$YELLOW" "Database collation check completed (may already be up to date)."
+ return 0
+ fi
+}
+
+# Function to check Nextcloud status.
+check_status() {
+ printMessage "$YELLOW" "Checking Nextcloud status..."
+ runOcc status
+ return 0
+}
+
+# Function to scan files.
+scan_files() {
+ if [ -z "$1" ]; then
+ printMessage "$YELLOW" "Scanning all files..."
+ runOcc files:scan --all
+ else
+ printMessage "$YELLOW" "Scanning files for user: $1..."
+ runOcc files:scan "$1"
+ fi
+ return 0
+}
+
+# Function to update Nextcloud.
+update_nextcloud() {
+ printMessage "$YELLOW" "Running database upgrade..."
+ runOcc upgrade
+ return 0
+}
+
+# Function to optimize database.
+optimize_database() {
+ printMessage "$YELLOW" "Optimizing database..."
+ runOcc db:add-missing-indices
+ runOcc db:add-missing-columns
+ runOcc db:add-missing-primary-keys
+ return 0
+}
+
+# Function to run maintenance repair.
+run_repair() {
+ printMessage "$YELLOW" "Running maintenance repair..."
+ runOcc maintenance:repair
+ return 0
+}
+
+# Function to run comprehensive post-update maintenance.
+post_update_maintenance() {
+ checkContainer
+
+ printMessage "$GREEN" "========================================="
+ printMessage "$GREEN" "Nextcloud Post-Update Maintenance"
+ printMessage "$GREEN" "========================================="
+ echo ""
+
+ printMessage "$YELLOW" "[1/10] Enabling maintenance mode..."
+ runOcc maintenance:mode --on
+
+ printMessage "$YELLOW" "[2/10] Running database upgrade..."
+ runOcc upgrade
+
+ printMessage "$YELLOW" "[3/10] Adding missing database indices..."
+ runOcc db:add-missing-indices
+
+ printMessage "$YELLOW" "[4/10] Adding missing database columns..."
+ runOcc db:add-missing-columns
+
+ printMessage "$YELLOW" "[5/10] Adding missing primary keys..."
+ runOcc db:add-missing-primary-keys
+
+ printMessage "$YELLOW" "[6/10] Converting filecache to big int (if needed)..."
+ runOcc db:convert-filecache-bigint --no-interaction || printMessage "$YELLOW" "Already converted or not needed."
+
+ printMessage "$YELLOW" "[7/10] Updating .htaccess and configuration files..."
+ runOcc maintenance:update:htaccess
+
+ printMessage "$YELLOW" "[8/10] Updating theme..."
+ runOcc maintenance:theme:update
+
+ printMessage "$YELLOW" "[9/10] Running repair steps..."
+ runOcc maintenance:repair
+
+ printMessage "$YELLOW" "[10/10] Disabling maintenance mode..."
+ runOcc maintenance:mode --off
+
+ echo ""
+ printMessage "$GREEN" "========================================="
+ printMessage "$GREEN" "Maintenance completed successfully!"
+ printMessage "$GREEN" "========================================="
+ echo ""
+
+ printMessage "$YELLOW" "System Status:"
+ runOcc status
+
+ echo ""
+ printMessage "$GREEN" "You may want to run background jobs manually:"
+ printMessage "$YELLOW" " docker exec -u www-data $CONTAINER_NAME php occ background:job:execute"
+}
+
+# Main execution.
+printMessage "$YELLOW" "Running Nextcloud maintenance tasks..."
+
+case "${1:-all}" in
+ collation)
+ loadEnv
+ checkContainer
+ fix_database_collation
+ ;;
+ status)
+ checkContainer
+ check_status
+ ;;
+ scan)
+ checkContainer
+ scan_files "$2"
+ ;;
+ update)
+ checkContainer
+ update_nextcloud
+ ;;
+ optimize)
+ checkContainer
+ optimize_database
+ ;;
+ repair)
+ checkContainer
+ run_repair
+ ;;
+ post-update)
+ loadEnv
+ post_update_maintenance
+ ;;
+ all)
+ loadEnv
+ checkContainer
+ fix_database_collation
+ echo ""
+ check_status
+ echo ""
+ optimize_database
+ echo ""
+ run_repair
+ echo ""
+ printMessage "$YELLOW" "Disabling maintenance mode..."
+ runOcc maintenance:mode --off
+ echo ""
+ printMessage "$GREEN" "All maintenance tasks completed."
+ ;;
+ *)
+ echo "Usage: $0 [collation|status|scan|update|optimize|repair|post-update|all]"
+ echo ""
+ echo "Commands:"
+ echo " collation - Fix database collation version mismatch"
+ echo " status - Check Nextcloud status"
+ echo " scan - Scan files (optionally specify username)"
+ echo " update - Update Nextcloud database"
+ echo " optimize - Optimize database indices and columns"
+ echo " repair - Run maintenance repair"
+ echo " post-update - Run comprehensive post-update maintenance workflow"
+ echo " all - Run all basic maintenance tasks (default)"
+ exit 1
+ ;;
+esac
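Review bot: `checkContainer` tests `docker ps | grep -q "$CONTAINER_NAME"`, a substring match over the whole table, so with `CONTAINER_NAME="nextcloud"` it also passes when only `nextcloud-redis` or `nextcloud-collabora` is up. An exact check such as `[ "$(docker inspect -f '{{.State.Running}}' "$CONTAINER_NAME" 2>/dev/null)" = "true" ]` avoids the false positive. In `fix_database_collation` both branches `return 0` and the psql output is swallowed by `grep -q`, so a refused connection or bad credentials is reported as "may already be up to date"; capture the output, print it on failure and return non-zero. Because of `set -e`, any failing step in `post_update_maintenance` after `maintenance:mode --on` exits with the instance still in maintenance mode and no message saying so; an `EXIT` trap that at least reports that state would help the operator.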
diff --git a/nextcloud/reverse-proxy/nginx.conf b/nextcloud/reverse-proxy/nginx.conf index f23a318..e6c9c80 100644 --- a/nextcloud/reverse-proxy/nginx.conf +++ b/nextcloud/reverse-proxy/nginx.conf @@ -82,15 +82,15 @@ http { # The rules in this block are an adaptation of the rules # in `.htaccess` that concern `/.well-known`. - location = /.well-known/carddav { return 301 /remote.php/dav; } - location = /.well-known/caldav { return 301 /remote.php/dav; } + location = /.well-known/carddav { return 301 https://$host/remote.php/dav; } + location = /.well-known/caldav { return 301 https://$host/remote.php/dav; } location /.well-known/acme-challenge { try_files $uri $uri/ =404; } location /.well-known/pki-validation { try_files $uri $uri/ =404; } # Let Nextcloud's API for `/.well-known` URIs handle all other # requests by passing them to the front-end controller. - return 301 /index.php$request_uri; + return 301 https://$host/index.php$request_uri; } location = /robots.txt { @@ -138,6 +138,10 @@ http { fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice + fastcgi_param HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for; + fastcgi_param HTTP_X_FORWARDED_PROTO $scheme; + fastcgi_param HTTP_X_FORWARDED_HOST $host; + fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_pass backend; fastcgi_intercept_errors on; }
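Review bot: The three redirects now build an absolute URL from `$host`, which nginx takes from the request's Host header when one is sent, so the `Location` target follows whatever host name the client supplied unless the server block (outside this hunk) sets a specific `server_name` and other hosts are rejected. If the goal is only to stop nginx emitting `http://` redirects behind the TLS proxy, `absolute_redirect off;` keeps the original relative `return 301 /remote.php/dav;` form. Otherwise, prefer a fixed name, e.g. `return 301 https://$server_name/remote.php/dav;`, provided `server_name` is the real domain.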
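Review bot: `fastcgi_param HTTP_X_FORWARDED_PROTO $scheme;` reports the scheme of the connection to this nginx, which is presumably plain HTTP behind Traefik, so PHP would receive `X-Forwarded-Proto: http` next to `HTTPS on`, replacing whatever the front proxy sent. Pass the upstream value through with `fastcgi_param HTTP_X_FORWARDED_PROTO $http_x_forwarded_proto;` or drop the line. `$proxy_add_x_forwarded_for` appends `$remote_addr` to the client-supplied header, so the list Nextcloud evaluates can still begin with client-controlled entries; that is only safe if the front proxy overwrites the header and `TRUSTED_PROXIES` names exactly the proxies. `fastcgi_param REMOTE_ADDR $remote_addr;` likely repeats what an included `fastcgi_params` already sets; the include, like the start of this `location` block, is outside the hunk.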